Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Thanks to COVID-19, New Types of Documents are Lost in The Wild

Published: 2021-10-20
Last Updated: 2021-10-20 10:25:50 UTC
by Xavier Mertens (Version: 1)
0 comment(s)

In many countries, citizens are vaccinated and authorities are now implementing new rules when you need to attend some events or travels. For example, in Brussel (BE), you must prove that you're completely vaccinated by showing your "COVID Safe Ticket" to go to a restaurant or a bar. The document name changes across countries but it's basically the same document for everybody with a QR-code.

Some people are against the vaccin and look for "solutions" to attend events. They try to find or to fake such certificates (which is of course illegal). A few weeks ago, the French president Emmanual Macron had his QR code stolen and re-used by some people[1]. This means that people are looking for QR-code and data! Behind this story, there seems to be a new type of data leak, many people exchange certificates which contain a lot of sensitive information.

For a few days, I run a hunting search on VT to try to find interection documents and I found some nice PDF files:

Be careful when you exchange documents like these on a cloud service or if you exchange them via tools that automatically feed VT! Once uploaded, they should be considered as "lost"!

[1] https://www.rfi.fr/en/france/20210924-health-officials-identify-suspects-behind-macron-s-qr-data-leak-health-pass-digital-security

Xavier Mertens (@xme)
Senior ISC Handler - Freelance Cyber Security Consultant
PGP Key

0 comment(s)
Diary Archives